Debian Weekly News - August 24th, 1999

Welcome to the 32nd issue of Debian Weekly News, a newsletter
for the Debian developer community.

Triggered by last week's bash breakage, a couple of huge flame wars
erupted about making Debian less fragile by providing statically
linked versions of important binaries. Some people think Debian should
begin using them extensively so the system is more robust; others disagree,
or think they should be provided, but just as an option.

It's been a very busy week for security announcements for Debian, with 7
announcements made about updated packages. The reason for all the activity
is that the security team is preparing to release Debian 2.1r3, which
will have all the security updates from the past several months in it. A fix
was released for a serious root exploit in cfingerd, plus fixes for
smtp-refuser, trn, and man2html that prevent overwriting and deletion of
arbitrary files. For termcap-compat, there is a buffer overflow fix, although
Debian only provides termcap as an option and no Debian packages are
vulnerable. Announcements were also made about an old hole in rsync, and an
unlikely problem with seyon.

One of the authors of Debian GNU/Linux Unleashed has posted a
clarification about when that book will become available. As was reported
earlier in this newsletter, the book promises to include Debian 2.2. They are
aware of our release schedule and the book will probably be held back until
after potato is released. O'Reilly also has a book in the works, due in
October, according to this web page. No word yet about what animal will be
on the cover.

Dpkgv2 has a new name, the "Herring Package Management Library"
(HPML). The design specification is mostly done and they are moving
into the development stage.

There is still no official release date for Debian GNU/Hurd but
development continues. A new version of GRUB (the GRand Unified
Bootloader) was released, a password setting problem was found and
patched, and new versions of inetutils, syslogd and Midnight Commander
have been built for the port.

New packages added to Debian this week include the following 14 and 55 more: